Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

If you are using an older internet browser, new security restrictions mean that from Thursday, 7 June 2018, you may no longer be able to access our website. You will need to update your browser or use an alternative one. We apologise for the inconvenience but some older browsers are no longer secure enough for use on our website. Find out more here.

The Privacy Act 1993 gives the Privacy Commissioner the power to issue codes of practice that become part of the law. These codes may modify the operation of the Act for specific industries, agencies, activities or types of personal information. Codes often modify one or more of the information privacy principles to take account of special circumstances which affect a class of agencies (e.g. credit reporters) or a class of information (e.g. health information). The rules established by a code may be more stringent or less stringent than the principles they replace.

Proposals for issuing a code of practice may be made by a body representing the interests of a particular class of agency or industry, or by the Privacy Commissioner.

Codes of practice are a flexible means of regulation and can be amended or revoked by the Privacy Commissioner at any time. However, as they are deemed regulations, they must be presented to the House of Representatives and will be subject to careful scrutiny by the Regulations Review Committee.